VIII. Privacy – TCPA

Transcript

  • 1. VIII. Privacy – TCPA

    Telephone Consumer Protection Act¹

    Introduction

    The Federal Communications Commission (FCC) has issued regulations that establish a national “Do-Not-Call” registry and other modifications to the Telephone Consumer Protection Act of 1991 (TCPA)². The FCC regulations impose financial penalties on all commercial telemarketers for calling phone numbers on the “Do-Not-Call” registry. For those numbers not on the registry, the regulations set a maximum rate on the number of abandoned calls and require telemarketers to transmit caller ID information. The regulations also modify the FCC’s unsolicited facsimile advertising requirements, which in turn were modified by the Junk Fax Prevention Act of 2005 and became effective on July 9, 2005. The FCC regulations were, generally, effective as of October 1, 2003.

    The FCC regulation expanded coverage of the national “Do-Not-Call”³ registry by including banks, insurance companies, credit unions, and savings associations. The Federal Trade Commission’s (FTC) telemarketing regulations parallel the FCC regulations⁴ and apply to all other business entities, including third parties acting as agent or on behalf of a financial institution.

    Key Definitions:

    “Abandoned Call” A telephone call that is not transferred to a live sales agent within two seconds of the recipient’s completed greeting.

    “Automatic Telephone Dialing System and Autodialer” Equipment that has the capacity to store or produce telephone numbers to be called using a random or sequential number generator and the capability to dial such numbers.

    “Established Business Relationship” A prior or existing relationship between a person or entity and a residential subscriber based on the subscriber’s purchase or transaction with the entity within the 18 months immediately preceding the date of the telephone call or on the basis of the subscriber’s inquiry or application regarding products or services offered by the entity within the three months immediately preceding the date of the call, and neither party has previously terminated the relationship. An individual may reasonably expect that an affiliate is included in an established business relationship based on products offered or the identity of the affiliate.

    “Residential Subscriber” An individual who has contracted with a common carrier to provide telephone exchange service at a personal residence.

    “Seller” The person or entity on whose behalf a telephone call or message is initiated for the purpose of encouraging purchase or rental of, or investment in, property, goods, or services, which is transmitted to any person.

    “Telemarketer” The person or entity that initiates a telephone call or message for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services, which is transmitted to any person.

    “Telemarketing” The initiation of a telephone call or message for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services, which is transmitted to any person.

    “Telephone Solicitation” The initiation of a telephone call or message for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services, which is transmitted to any person. Telephone solicitation does not include a call or message to any person with that person’s permission, to any person with whom the caller has an established business relationship, or on behalf of a tax-exempt nonprofit organization.

    “Unsolicited Advertisement” Any material that advertises the commercial availability or quality of any property, goods, or services, which is transmitted to any person without that person’s prior express invitation or permission.

    General Requirements of TCPA

    The FCC regulations that implement the Telephone Consumer Protection Act of 1991 provide consumers with options to avoid unwanted telephone solicitations. The regulations address the following:

    • The FCC’s adoption of a national “Do-Not-Call” registry that expands coverage to entities regulated by the FTC.⁵

    • Under the FCC’s rules, no seller or entity telemarketing on behalf of the seller can initiate a telephone solicitation to a residential telephone subscriber who has registered his or her telephone number on the national “Do-Not-Call”

    ¹ This section fully incorporates the examination procedures issued under DSC RD Memo 07-034: Joint Examination Procedures for the Telephone Consumer Protection Act.

    ² 47 USC 227; The Federal Communications Commission final regulations were published in the Federal Register on July 25, 2003 (68 FR 44144).

    ³ The Federal Trade Commission (FTC) maintains the registry adopted by the FCC.

    ⁴ The Federal Trade Commission final regulations were published in the Federal Register on January 29, 2003. (68 FR 4580)

    ⁵ By doing so, the FCC asserts its considerably broader jurisdiction over telemarketing than the FTC. Specifically, telemarketing by in-house employees of banks, savings associations, and credit unions, as well as other areas of commerce, are covered by the FCC’s authority.

    FDIC Compliance Manual — June 2006 VIII-5.1
  • 2. VIII. Privacy – TCPA

    registry. A safe harbor exists for an inadvertent violation of this requirement if the telemarketer can demonstrate that the violation was an error and that its routine practices include:

      1. Written procedures.
      2. Training of personnel.
      3. Maintenance of a list of telephone numbers excluded from contact.
      4. Use of a version of the national “Do-Not Call” registry obtained no more than three months prior to the date any call is made (with records to document compliance).
      5. Process to ensure that it does not sell, rent, lease, purchase, or use the do-not-call database in any manner except in compliance with regulations. [47 CFR 64.1200(c)(2)(i)]

    • Companies must maintain company-specific do-not-call lists reflecting the names of customers with established business relationships who have requested to be excluded from telemarketing. Such requests must be honored for five years. [47 CFR 64.1200(d)(6)]

    • Telemarketing calls can only be made between the hours of 8 a.m. and 9 p.m. (local time at the called party’s location). [47 CFR 64.1200(c)(1)]

    • All telemarketers must comply with limits on “abandoned calls” and employ other consumer-friendly practices when using automated telephone-dialing equipment. A telemarketer must abandon no more than 3 percent of calls answered by a person and must deliver a prerecorded identification message when abandoning a call. Two or more telephone lines of a multi-line business are not to be called simultaneously. Telemarketers must disconnect an unanswered telemarketing call prior to at least 15 seconds or four rings. All businesses that use autodialers to sell services must maintain records documenting compliance with call abandonment rules. [47 CFR 64.1200(a)(4, 5 and 6)]

    • All prerecorded messages, whether delivered by automated dialing equipment or not, must identify the name of the entity responsible for initiating the call, along with the telephone number of that entity that can be used during normal business hours to ask not to be called again. [47 CFR 64.1200(b)]

    • All telemarketers must transmit caller ID information, when available, and must refrain from blocking any such transmission(s) to the consumer. [47 CFR 64.1601(e)]⁶

    • Unsolicited fax transmissions must be preceded by the advertiser’s receipt of the express written permission and signature of the intended recipient, unless there is an “existing business relationship.” However, the express permission cannot be conveyed through the use of a “negative option.” Businesses that advertise by fax are required to maintain records demonstrating that recipients have provided express permission to send fax advertisements or that there is an existing business relationship. [47 CFR 64.1200(a)(3) and 47 USC 227 as amended by the Junk Fax Prevention Act of 2005]

    • Tax-exempt nonprofit organizations are not required to comply with the do-not-call provisions of the TCPA. [47 CFR 64.1200(d)(7)]

    Examination Objectives:

    1. Assess the quality of a financial institution’s compliance program for implementing TCPA by reviewing the appropriate policies, procedures, and other internal controls.

    2. Determine the reliance that can be placed on a financial institution’s audit or compliance review in monitoring the institution’s compliance with TCPA.

    3. Determine a financial institution’s compliance with TCPA.

    4. Initiate effective corrective actions when violations of law are identified, or when policies or internal controls are deficient.

    Examination Procedures

    Initial Procedures

    1. Through discussions with appropriate management officials, determine whether or not management has considered the applicability of TCPA and what, if any, steps have been taken to ensure current and future compliance.

    2. Through discussions with appropriate management officials, ascertain whether the financial institution is subject to TCPA by determining whether it or a third-party telemarketing firm engages in any form of telephone solicitation.

    Stop here if the financial institution itself does not engage directly or indirectly through a third-party telemarketing firm, in any form of telephone solicitation via telephone or facsimile machine. The financial institution is not subject to TCPA, and no further examination for TCPA is necessary.

    3. Determine, through a review of available information, whether the financial institution’s internal controls are adequate to ensure compliance with TCPA. Consider the following:

    • Organization chart to determine who is responsible for the financial institution’s compliance with TCPA;

    ⁶ The rule sets forth the technical information that must be made available (subject to differing technologies). The FCC stated that Caller ID information should also increase accountability and provide an important resource for the FCC and FTC in pursuing enforcement actions against TCPA violators. (68 FR 44166, July 25, 2003)
  • 3. VIII. Privacy – TCPA

    • Process flow charts to determine how the financial institution’s TCPA compliance is planned for, evaluated, and achieved;

    • Policies and procedures that address:

      a. Recording a telephone subscriber’s request not to receive calls from a particular financial institution and the maintenance of those recordings for five years.
      b. Placement of the telephone subscriber’s name, if given, and telephone number on the financial institution’s do-not-call list.
      c. Maintenance of the list of telephone numbers that the financial institution may not contact.
      d. Compliance with the national do-not-call rules.
      e. Use of a telephone facsimile machine, computer, or other device to send an unsolicited advertisement to a telephone facsimile machine.

    • Training of the financial institution’s personnel engaged in telemarketing as to the existence and use of the financial institution’s do-not-call list and the national do-not-call rules; [47 CFR 64.1200(d)(2)]

    • Process for recording a telephone subscriber’s request not to receive calls and to place the subscriber’s name, if provided, and telephone number on a do-not-call list; [47 CFR 64.1200(d)(3)]

    • Process used to access the national do-not-call database; [47 CFR 64.1200(c)(2)(i)(D)]

    • Process to ensure that the financial institution (and any third-party engaged in making telemarketing calls on behalf of the financial institution) does not sell, rent, lease, purchase, or use the national do-not-call database for any purpose except for compliance with the TCPA; [47 CFR 64.1200(c)(2)(i)(E)]

    • Process to ensure that telemarketers making telemarketing calls are providing the called party with the name of the individual caller, the name of the financial institution on whose behalf the call is being made, and a telephone number (that is not a 900 number or a long distance number) or address at which the financial institution may be contacted; [47 CFR 64.1200(d)(4)] and

    • Internal checklists, worksheets, and other relevant documents.

    4. Review applicable audit and compliance review material, including work papers, checklists, and reports, to determine whether:

    • The procedures address the TCPA provisions applicable to the institution;

    • Effective corrective action occurred in response to previously identified deficiencies;

    • The audits and compliance reviews performed were reasonable and accurate;

    • Deficiencies, their causes, and the effective corrective actions are consistently reported to management or the members of the board of directors; and

    • The frequency of the compliance review is satisfactory.

    5. Review a sample of complaints to determine whether or not any potential violations of TCPA exist.

    6. Based on the review of complaints that pertain to aspects of TCPA, revise the scope of examination focusing on the areas of particular risk. The verification procedures to be employed depend upon the adequacy of the institution’s compliance program and level of risk identified.

    Verification Procedures

    1. Obtain a list of marketing or promotional programs for products and services that the financial institution promoted with telemarketing either directly or through a third-party vendor.

    2. Obtain a sample of data, or through testing or management’s demonstration, for at least one program, determine whether:

    Do-Not-Call List

    • The institution or its third-party vendor verified whether the subscriber’s telephone number was listed on the national “Do-Not Call” registry. [47 CFR 64.1200(c)(2)]

    • If the telephone subscriber is on the national “Do-Not Call” registry and a telemarketing call is made, the existence of an established business relationship between the subscriber and the financial institution can be confirmed [47 CFR 64.1200(f)(3)] or the safe harbor conditions have been met. [47 CFR 64.1200(d)]

    • Through testing or management’s demonstration, verify that the financial institution has a process to determine whether it has an established business relationship with a telephone subscriber. [47 CFR 64.1200(f)(3)]

    • A telephone subscriber’s desire to be placed on a company-specific do-not-call list was honored for five years. [47 CFR 64.1200(d)(6)]

    • The institution or its third-party vendor employs a version of the national “Do-Not Call” registry or portions of the database for areas called that was obtained no more than three months prior to the call date (three-month process). [47 CFR 64.1200(c)(2)(i)(D)]
  • 4. VIII. Privacy – TCPA

    • The institution or its third-party vendor maintains records to support the three-month process. [47 CFR 64.1200(c)(2)(i)(D)]

    • The telephone call was made between the hours of 8 a.m. and 9 p.m. local time for the called party’s location. [47 CFR 64.1200(c)(1)]

    Automated Dialing and Abandoned Calls

    • Any calls that were made using artificial or prerecorded voice messages to a residential telephone number met the requirements in 47 CFR 64.1200(a)(6)(i).

    • The name, telephone number, and purpose of the call were provided to the subscriber if the call was abandoned. [47 CFR 64.1200(a)(6)]

    • The institution or its third-party vendor maintains appropriate documentation of abandoned calls, sufficient to determine whether they exceed the 3 percent limit in the 30-day period reviewed. [47 CFR 64.1200(a)(6)]

    • The institution or its third-party vendor transmits caller identification information. [47 CFR 64.1601(e)]

    3. Ensure that the financial institution does not participate in any purchase-sharing arrangement for access to the national “Do-Not Call” registry. [47 CFR 64.1200(c)(2)(i)(E)]

    4. Observe call center operations, if appropriate, to verify abandoned call practices regarding ring duration and two-second transfer rule. [47 CFR 64.1200(a)(6)]

    Conclusions

    1. Summarize all findings, supervisory concerns, and regulatory violations.

    2. For the violation(s), determine the root cause by identifying weaknesses in internal controls, audit and compliance reviews, training, management oversight, or other factors; also, determine whether the violation(s) are repetitive or systemic.

    3. Identify action needed to correct violations and weaknesses in the institution’s compliance program.

    4. Discuss findings with the institution’s management, and obtain a commitment for corrective action.

    5. Record violations according to agency policy to facilitate analysis and reporting.

    References

    Federal Trade Commission Resources

    • Do-Not-Call Registration at FTC Website
    • Telephone Disclosure and Dispute Resolution Act of 1992
    • Telemarketing and Consumer Fraud and Abuse Prevention Act
    • Telecommunication Act of 1996
    • Do-Not-Call Implementation Act
    • Do-Not-Call Registry Act of 2003

    Federal Communications Commission Resources

    • Do-Not-Call Registry
    • Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991
    • FCC Delays Effective Date for Rules Concerning Unsolicited Fax Advertisements

    Job Aids

    Telephone Consumer Protection Act Worksheet

    This worksheet can be used to review audit work papers, to evaluate bank policies, to perform transaction testing, and to train as appropriate. Complete only those aspects of the worksheet that specifically relate to the issue being reviewed, evaluated, or tested, and retain those completed sections in the work papers.
  • 5. VIII. Privacy – TCPA

    Examination Worksheet—Telephone Consumer Protection Act

    Yes No

    1. Does the financial institution or any third party vendor engage in telemarketing activities on the financial institution’s behalf? If No, stop here. If Yes, continue to question #2.

    For the questions below, every “No” answer indicates a potential violation of the regulation and/or an internal control deficiency that must be explained fully in the work papers.

    Delivery Restrictions (47 CFR 64.1200)

    2. The financial institution engaged in telemarketing is registered on the FTC’s Web site as a seller.

    3. Each financial institution affiliate engaged in telemarketing also is registered on the FTC’s Web site and does not rely on the financial institution’s registration.

    4. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) refrains from initiating any telephone call using an automatic telephone dialing system or an artificial or prerecorded voice to:

    5. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) refrains from using a telephone facsimile machine, computer, or other device to send an unsolicited advertisement to a telephone facsimile machine without an established business relationship or express written permission from the recipient. [47 USC 227 as amended by the Junk Fax Prevention Act of 2005]

    6. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) refrains from using an automatic telephone dialing system in such a way that two or more telephone lines of a multi-line business are engaged simultaneously. [47 CFR 64.1200(a)(4)]

    7. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) refrains from disconnecting an unanswered telemarketing call prior to at least 15 seconds or four rings. [47 CFR 64.1200(a)(5)]

    8. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) refrains from abandoning more than 3 percent of all telemarketing calls that are answered live by a person, measured over a 30-day period. [47 CFR 64.1200(a)(6)]

    9. For an abandoned call, the information provided is limited to the name and telephone number of the business, entity, or individual on whose behalf the call was placed and that the call was made for “telemarketing purposes.” [47 CFR 64.1200(a)(6)]

    10. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) refrains from using any technology to dial any telephone number for determining whether the line is a facsimile or voice line. [47 CFR 64.1200(a)(7)]

    11. If the financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) uses an automatic or prerecorded telephone message, determine whether: [47 CFR 64.1200(b)]

    • At the beginning of the message, the business, individual, or other entity initiating the call is clearly identified.

    • The name of the business responsible for initiating the call is stated.
  • 6. VIII. Privacy – TCPA

    • The name of the business responsible for initiating the call is registered with the appropriate regulatory authority.

    • During the message, the telephone number for the business responsible for initiating the call is provided.

    • The number provided is available during regular business hours.

    12. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) initiates all calls to residential subscribers between the hours of 8 a.m. and 9 p.m. (local time of the called party’s location). [47 CFR 64.1200(c)(1)]

    13. Prior to initiating any call, the financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) checks the national “Do-Not Call” registry to verify that the residential telephone subscriber’s number is not listed. [47 CFR 64.1200(c)(2)]

    14. If the financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) calls a subscriber whose number appears on the “Do-Not Call” registry, does it meet one of the following criteria:

    • It can demonstrate that the violation is the result of an error and that its routine business practices meet the minimum standards set forth in the regulation [47 CFR 64.1200(c)(2)(i)]

    • It has the subscriber’s prior express invitation or permission evidenced by a signed, written agreement that includes a telephone number to which the calls may be placed. [47 CFR 64.1200(c)(2)(ii)]

    • It has a personal relationship with the recipient of the call. [47 CFR 64.1200(c)(2)(iii)]

    15. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) has a process to provide the called party with the following information:

    • The name of the individual caller.

    • The name of the person or entity on whose behalf the call is being made.

    • A telephone number or address at which the entity may be contacted. [47 CFR 64.1200(d)(4)]

    16. The financial institution has a process in place that considers whether an established business relationship should extend to an affiliate. [47 CFR 64.1200(f)(ii)]

    17. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) maintains a do-not-call record listing callers’ requests not to receive further telemarketing calls. [47 CFR 64.1200(d)(6)]

    18. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) honors a caller’s request not to receive telemarketing calls for five years from the time the request is made. [47 CFR 64.1200(d)(6)]

    19. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) transmits caller identification information. [47 CFR 64.1601(e)]
